This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


The following commit(s) were added to refs/heads/master by this push:
     new 09e6453  fix bug where logout requires special header on non-master 
servers
09e6453 is described below

commit 09e6453064b27b65e42e56b05bd44d632b1ac864
Author: Alex Heneveld <[email protected]>
AuthorDate: Fri Jan 14 15:01:17 2022 +0000

    fix bug where logout requires special header on non-master servers
---
 .../rest/filter/HaHotCheckHelperAbstract.java      | 17 +++++++++++++-
 .../rest/filter/HaHotCheckResourceFilter.java      | 26 ++++++++++++++++------
 .../brooklyn/rest/filter/HaMasterCheckFilter.java  | 19 ++++++----------
 3 files changed, 42 insertions(+), 20 deletions(-)

diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckHelperAbstract.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckHelperAbstract.java
index 6e60420..88f9b00 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckHelperAbstract.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckHelperAbstract.java
@@ -26,6 +26,7 @@ import org.apache.brooklyn.api.mgmt.ManagementContext;
 import org.apache.brooklyn.api.mgmt.ha.ManagementNodeState;
 import org.apache.brooklyn.rest.domain.ApiError;
 import org.apache.brooklyn.util.guava.Maybe;
+import org.apache.brooklyn.util.text.Strings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -82,5 +83,19 @@ public abstract class HaHotCheckHelperAbstract {
     public boolean isStateNotYetValid() {
         return mgmt().getRebindManager().isAwaitingInitialRebind();
     }
-    
+
+    public static boolean isCallAllowedInAnyState(String uri) {
+        if (uri !=null) {
+            uri = Strings.removeAllFromStart(uri, "/", "v1/");
+
+            // user can log out anywhere they log in
+            if (uri.startsWith("logout")) return true;
+
+            // explicitly allow calls to shutdown
+            // (if stopAllApps is specified, the method itself will fail; but 
we do not want to consume parameters here, that breaks things!)
+            if ("server/shutdown".equals(uri)) return true;
+        }
+        return false;
+    }
+
 }
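Review bot: The logout exemption at `if (uri.startsWith("logout")) return true;` is a prefix test, so every non-GET request whose path merely begins with those letters skips the master check, not only the logout resource. Since this helper is the allow-list for bypassing an HA state gate, match on a segment boundary instead, for example `if ("logout".equals(uri) || uri.startsWith("logout/")) return true;`, in line with the exact `equals` used for `server/shutdown` just below. The same prefix test is repeated in the copy added to HaHotCheckResourceFilter in this commit. A short Javadoc saying that the argument is a path without query string, and that leading `/` and `v1/` are stripped before matching, would also tell callers what they are expected to pass in.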
diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckResourceFilter.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckResourceFilter.java
index 3310ff5..4d04797 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckResourceFilter.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/HaHotCheckResourceFilter.java
@@ -120,18 +120,30 @@ public class HaHotCheckResourceFilter implements 
ContainerRequestFilter {
     }
 
     private boolean isMasterRequiredForRequest(ContainerRequestContext 
requestContext) {
-        // gets usually okay
+        // GETs are allowed (unless flagged later by the caller) usually okay
         if (SAFE_STANDBY_METHODS.contains(requestContext.getMethod())) return 
false;
         
-        String uri = requestContext.getUriInfo().getPath();
-        // explicitly allow calls to shutdown
-        // (if stopAllApps is specified, the method itself will fail; but we 
do not want to consume parameters here, that breaks things!)
-        // TODO use an annotation HaAnyStateAllowed or 
HaHotCheckRequired(false) or similar
-        if ("server/shutdown".equals(uri)) return false;
-        
+        if (isCallAllowedInAnyState(requestContext.getUriInfo().getPath())) 
return false;
+
         return true;
     }
 
+    protected boolean isCallAllowedInAnyState(String uri) {
+        // TODO use an annotation HaAnyStateAllowed or 
HaHotCheckRequired(false) instead of these ad hoc checks
+
+        if (uri !=null) {
+            uri = Strings.removeAllFromStart(uri, "/", "v1/");
+
+            // user can log out anywhere they log in
+            if (uri.startsWith("logout")) return true;
+
+            // explicitly allow calls to shutdown
+            // (if stopAllApps is specified, the method itself will fail; but 
we do not want to consume parameters here, that breaks things!)
+            if ("server/shutdown".equals(uri)) return true;
+        }
+        return false;
+    }
+
     protected boolean isHaHotStateRequired() {
         // TODO support super annotations
         Method m = resourceInfo.getResourceMethod();
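Review bot: The new instance method `isCallAllowedInAnyState` repeats the body of the static `HaHotCheckHelperAbstract.isCallAllowedInAnyState` added in the same commit, so the two allow-lists can drift apart when only one is edited. Keeping the protected method as an override point but delegating, `return HaHotCheckHelperAbstract.isCallAllowedInAnyState(uri);`, leaves a single place to audit. The reworded comment `// GETs are allowed (unless flagged later by the caller) usually okay` also reads as two merged sentences; `// GETs are usually okay here; the caller may still restrict them` would be clearer. isHaHotStateRequired continues beyond the end of the hunk.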
diff --git 
a/rest/rest-server/src/main/java/org/apache/brooklyn/rest/filter/HaMasterCheckFilter.java
 
b/rest/rest-server/src/main/java/org/apache/brooklyn/rest/filter/HaMasterCheckFilter.java
index 278b2f1..6de3d10 100644
--- 
a/rest/rest-server/src/main/java/org/apache/brooklyn/rest/filter/HaMasterCheckFilter.java
+++ 
b/rest/rest-server/src/main/java/org/apache/brooklyn/rest/filter/HaMasterCheckFilter.java
@@ -106,18 +106,13 @@ public class HaMasterCheckFilter implements Filter {
     private boolean isMasterRequiredForRequest(ServletRequest request) {
         if (request instanceof HttpServletRequest) {
             HttpServletRequest httpRequest = (HttpServletRequest) request;
-            
-            String method = httpRequest.getMethod().toUpperCase();
-            // gets usually okay
-            if (SAFE_STANDBY_METHODS.contains(method)) return false;
-            
-            // explicitly allow calls to shutdown
-            // (if stopAllApps is specified, the method itself will fail; but 
we do not want to consume parameters here, that breaks things!)
-            // TODO combine with HaHotCheckResourceFilter and use an 
annotation HaAnyStateAllowed or similar
-            if ("/v1/server/shutdown".equals(httpRequest.getRequestURI()) ||
-                    "/server/shutdown".equals(httpRequest.getRequestURI())) 
return false;
-            
-            // master required for everything else
+
+            // GETs are never master-specific; they might be restricted to 
HaHotCheck, see HaHotCheckResourceFilter
+            if 
(SAFE_STANDBY_METHODS.contains(httpRequest.getMethod().toUpperCase())) return 
false;
+
+            if 
(HaHotCheckHelperAbstract.isCallAllowedInAnyState(httpRequest.getRequestURI())) 
return false;
+
+            // master is required for everything else
             return true;
         }
         // previously non-HttpServletRequests were allowed but I don't think 
they should be
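Review bot: The helper is fed `httpRequest.getRequestURI()`, which per the servlet API is the undecoded request path and includes any context path, whereas HaHotCheckResourceFilter passes `getUriInfo().getPath()`; the two filters may therefore disagree on which requests are exempt. If the application can be deployed under a non-root context path, the `/` and `v1/` stripping would presumably never reach `logout`, and the comparison is made on a string the resource router has not yet normalised. Consider deriving the path relative to the context, e.g. `httpRequest.getRequestURI().substring(httpRequest.getContextPath().length())`, or documenting that a root context is assumed. The enclosing method continues past the end of the hunk.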
